Home > Network Management > ssh-socks

ssh-socks: Setting up a SOCKS Proxy

ssh-socks refers to the concept or script for establishing a local SOCKS proxy server through an SSH connection. This allows you to securely tunnel network traffic from your local applications via a remote server. It is commonly used for bypassing firewalls, enhancing security, and accessing specific network environments.

Overview

ssh-socks utilizes SSH's dynamic port forwarding (-D option) to create a SOCKS proxy on your local machine. Through this proxy, you can route the traffic of your web browser or other applications to the internet via the remote SSH server, effectively making it appear as if you are browsing from the remote server's location.

Key Use Cases

  • Accessing geo-restricted content
  • Enhancing security on public Wi-Fi
  • Accessing internal company network resources
  • Bypassing firewalls

Key Options

ssh-socks primarily leverages options of the 'ssh' command. Here are the commonly used 'ssh' options for setting up a SOCKS proxy:

Proxy Setup

Generated command:

Try combining the commands.

Description:

`ssh-socks` Executes the command.

Combine the above options to virtually execute commands with AI.

Usage Examples

Here are common usage examples for ssh-socks. Replace [user] and [remote_host] with your actual username and remote server address.

Basic SOCKS Proxy Setup

ssh -D 8080 user@remote_host

Sets up a SOCKS proxy on local port 8080 and connects to the remote server. This command will occupy your terminal.

Running SOCKS Proxy in Background

ssh -fN -D 8080 user@remote_host

Runs the proxy in the background, allowing you to continue using your terminal. -N prevents remote command execution, and -f sends it to the background.

Accessing Web Page via Proxy (curl)

curl --socks5-hostname localhost:8080 http://example.com

Uses the previously set up SOCKS proxy (localhost:8080) to access a web page with the curl command.

Accessing Web Page via Proxy (wget)

wget -e use_proxy=yes -e http_proxy=socks5://localhost:8080 http://example.com

Uses the previously set up SOCKS proxy (localhost:8080) to access a web page with the wget command.

Installation

ssh-socks is generally not a standalone command that requires separate installation. Instead, you can set it up directly by utilizing the 'ssh' command's functionality, or for convenience, you can create a shell alias or a simple script.

Setting up as a Shell Alias

alias ssh-socks='ssh -fN -D 8080'

You can define the 'ssh-socks' command by adding the following line to your ~/.bashrc or ~/.zshrc file. After making changes, apply them by running 'source ~/.bashrc' or 'source ~/.zshrc'.

Usage

After setting up the alias, you can use it like 'ssh-socks user@remote_host'. To change the port number, you need to modify the alias definition.

Setting up as a Simple Script

#!/bin/bash

PORT=${1:-8080}
HOST=$2

if [ -z "$HOST" ]; then
  echo "Usage: ssh-socks [port] user@remote_host"
  echo "Default port: 8080"
  exit 1
fi

shift
if [ $# -eq 1 ]; then
  HOST=$1
else
  HOST=$2
fi

ssh -fN -D $PORT "$HOST"

echo "SOCKS proxy is running on localhost:$PORT (PID: $(pgrep -f "ssh -fN -D $PORT $HOST"))"

You can create an executable script at a path like /usr/local/bin/ssh-socks. This method allows for more flexibility in accepting ports or other options as arguments.

Script Usage

After creating the script, grant it execute permissions with 'chmod +x /usr/local/bin/ssh-socks', and then use it like 'ssh-socks user@remote_host' or 'ssh-socks 9000 user@remote_host'.

Tips & Precautions

Here are some useful tips and precautions when using ssh-socks.

Web Browser Configuration

Most web browsers support SOCKS proxy settings. In your browser's network settings, configure the 'SOCKS Host' to 'localhost' and the 'Port' to your chosen port (e.g., 8080).

  • Firefox: Settings -> Network Settings -> Manual proxy configuration -> SOCKS Host
  • Chrome/Edge: Use system proxy settings (varies by OS configuration)

Utilizing SSH Config File (~/.ssh/config)

By pre-defining settings for your remote host in the ~/.ssh/config file, you can use commands more concisely.

  • Host myproxy Hostname remote_host User user DynamicForward 8080 ExitOnForwardFailure yes ServerAliveInterval 60 ServerAliveCountMax 3

SSH Config File Usage Example

ssh -fN myproxy

After configuring as shown above, you can run the proxy with the command 'ssh -fN myproxy'.

Terminating the Proxy

To terminate an SSH SOCKS proxy running in the background, you need to find and kill the corresponding SSH process.

  • ps aux | grep 'ssh -fN -D 8080' (to find the Process ID)
  • kill [PID]

Security Considerations

Since all traffic is routed through the remote server via the SOCKS proxy, it is crucial to verify the security and trustworthiness of that server. Using a proxy through an untrusted server carries the risk of data interception or manipulation.

Same category commands

aria2c

aria2c: A Multi-Protocol Download Utility

curl

curl -I: Check HTTP Header Information

curl

curl: HTTP Requests and File Transfer (Silent Mode)

curl-verbose

curl-verbose: Detailed output of curl's communication

dig

dig: DNS Information Lookup